ID de Prueba:	1.3.6.1.4.1.25623.1.0.902720
Categoría:	Mac OS X Local Security Checks
Título:	Apple iTunes Arbitrary Code Execution Vulnerability - Mac OS X
Resumen:	Apple iTunes is prone to an arbitrary code execution vulnerability.
Descripción:	Summary: Apple iTunes is prone to an arbitrary code execution vulnerability. Vulnerability Insight: The flaw is due to a memory corruption issue in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution. Vulnerability Impact: Successful exploitation could allow attackers to lead to an unexpected application termination or arbitrary code execution. Affected Software/OS: Apple iTunes version prior to 10.2.2. Solution: Update to version 10.2.2 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1290 http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html BugTraq ID: 46849 http://www.securityfocus.com/bid/46849 Bugtraq: 20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517513/100/0/threaded Debian Security Information: DSA-2192 (Google Search) http://www.debian.org/security/2011/dsa-2192 http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401 http://www.zerodayinitiative.com/advisories/ZDI-11-104 http://osvdb.org/71182 http://www.securitytracker.com/id?1025212 http://secunia.com/advisories/43735 http://secunia.com/advisories/43748 http://secunia.com/advisories/43782 http://secunia.com/advisories/44151 http://secunia.com/advisories/44154 http://www.vupen.com/english/advisories/2011/0645 http://www.vupen.com/english/advisories/2011/0654 http://www.vupen.com/english/advisories/2011/0671 http://www.vupen.com/english/advisories/2011/0984 XForce ISS Database: google-webkit-style-code-execution(66052) https://exchange.xforce.ibmcloud.com/vulnerabilities/66052 Common Vulnerability Exposure (CVE) ID: CVE-2011-1344 BugTraq ID: 46822 http://www.securityfocus.com/bid/46822 Bugtraq: 20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517505/100/0/threaded Bugtraq: 20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) (Google Search) http://www.securityfocus.com/archive/1/517517/100/0/threaded http://twitter.com/aaronportnoy/statuses/45632544967901187 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358 http://www.zerodayinitiative.com/advisories/ZDI-11-135 http://www.securitytracker.com/id?1025363 XForce ISS Database: safari-webkit-unspec-code-exec(66061) https://exchange.xforce.ibmcloud.com/vulnerabilities/66061
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.